List:       asterisk-commits
Subject:    [asterisk-commits] AST-2017-014: res_pjsip - Missing contact header can cau
From:       SVN commits to the Asterisk project <asterisk-commits () lists ! digium ! com>
Date:       2017-12-22 21:57:37
Message-ID: mailman.4546.1513979900.1215.asterisk-commits () lists ! digium ! com

Kevin Harwell has submitted this change and it was merged. ( https://gerrit.asterisk.org/7720 )

Change subject: AST-2017-014: res_pjsip - Missing contact header can cause crash
......................................................................

AST-2017-014: res_pjsip - Missing contact header can cause crash

Those SIP messages that create dialogs require a contact header to be present.
If the contact header was missing from the message it could cause Asterisk to
crash.

This patch checks to make sure SIP messages that create a dialog contain the
contact header. If the message does not and it is required Asterisk now returns
a "400 Missing Contact header" response. Also added NULL checks when retrieving
the contact header that were missing as a "just in case".

ASTERISK-27480 #close

Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe
---
M res/res_pjsip.c
M res/res_pjsip/pjsip_message_filter.c
M res/res_pjsip_pubsub.c
3 files changed, 22 insertions(+), 6 deletions(-)

Approvals:
  Jenkins2: Verified
  Kevin Harwell: Looks good to me, approved; Approved for Submit



diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 1fce19b..392f9a6 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -3241,7 +3241,7 @@
 	ast_assert(status != NULL);

 	contact_hdr = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
-	if (ast_sip_set_tpselector_from_ep_or_uri(endpoint, \
pjsip_uri_get_uri(contact_hdr->uri), +	if (!contact_hdr || \
ast_sip_set_tpselector_from_ep_or_uri(endpoint, pjsip_uri_get_uri(contact_hdr->uri),  \
&selector)) {  return NULL;
 	}
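
Review bot: The new `!contact_hdr` test shares the `return NULL` branch with a failed `ast_sip_set_tpselector_from_ep_or_uri()` call, and nothing in the visible lines sets `*status` or logs before returning, so a caller cannot tell a request that lacked a Contact header from a transport-selector failure. Consider giving the missing-header case its own branch that sets `*status` to the 400 response the commit message describes and logs the rejection. The `ast_assert(status != NULL)` at the top of the hunk suggests `status` is how this function reports the response code to its caller.
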
diff --git a/res/res_pjsip/pjsip_message_filter.c \
b/res/res_pjsip/pjsip_message_filter.c index 085d978..427aec7 100644
--- a/res/res_pjsip/pjsip_message_filter.c
+++ b/res/res_pjsip/pjsip_message_filter.c
@@ -429,15 +429,27 @@
 		return PJ_TRUE;
 	}
 
-	while ((contact =
-		(pjsip_contact_hdr *) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_CONTACT,
-			contact ? contact->next : NULL))) {
+
+	contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(
+		rdata->msg_info.msg, PJSIP_H_CONTACT, NULL);
+
+	if (!contact && pjsip_method_creates_dialog(&rdata->msg_info.msg->line.req.method)) \
{ +		/* A contact header is required for dialog creating methods */
+		static const pj_str_t missing_contact = { "Missing Contact header", 22 };
+		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 400,
+				&missing_contact, NULL, NULL);
+		return PJ_TRUE;
+	}
+
+	while (contact) {
 		if (!contact->star && !is_sip_uri(contact->uri)) {
 			print_uri_debug(URI_TYPE_CONTACT, rdata, (pjsip_hdr *)contact);
 			pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata,
 				PJSIP_SC_UNSUPPORTED_URI_SCHEME, NULL, NULL, NULL);
 			return PJ_TRUE;
 		}
+		contact = (pjsip_contact_hdr *) pjsip_msg_find_hdr(
+			rdata->msg_info.msg, PJSIP_H_CONTACT, contact->next);
 	}

 	return PJ_FALSE;
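
Review bot: The rejection branch added before `while (contact)` hard-codes both the reason length (`{ "Missing Contact header", 22 }`) and the status (`400`), while the existing branch below it uses the named `PJSIP_SC_UNSUPPORTED_URI_SCHEME`. The length is correct for the current string, but it will silently go stale if the text is edited; deriving it with `sizeof(...) - 1` and using `PJSIP_SC_BAD_REQUEST` would keep the two branches consistent. The new branch also rejects without any log or debug output, unlike the `print_uri_debug()` call in the URI-scheme branch, which leaves operators nothing to correlate when a peer repeatedly sends dialog-creating requests with no Contact header.
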
diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c
index d921aa3..88005b8 100644
--- a/res/res_pjsip_pubsub.c
+++ b/res/res_pjsip_pubsub.c
@@ -613,8 +613,12 @@
 		expires = expires_hdr ? expires_hdr->ivalue : DEFAULT_PUBLISH_EXPIRES;
 		sub_tree->persistence->expires = ast_tvadd(ast_tvnow(), ast_samp2tv(expires, 1));

-		pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, contact_hdr->uri,
-			sub_tree->persistence->contact_uri, sizeof(sub_tree->persistence->contact_uri));
+		if (contact_hdr) {
+			pjsip_uri_print(PJSIP_URI_IN_CONTACT_HDR, contact_hdr->uri,
+					sub_tree->persistence->contact_uri, \
sizeof(sub_tree->persistence->contact_uri)); +		} else {
+			ast_log(LOG_WARNING, "Contact not updated due to missing contact header\n");
+		}

 		/* When receiving a packet on an streaming transport, it's possible to receive \
                more than one SIP
 		 * message at a time into the rdata->pkt_info.packet buffer. However, the \
rdata->msg_info.msg_buf
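
Review bot: In the new `else` branch, `sub_tree->persistence->contact_uri` keeps whatever it held before, while `expires` has just been refreshed in the lines above, so the persisted record can pair a new expiry with a stale or empty contact URI. If that state is acceptable it deserves a comment saying so; otherwise skip the persistence update entirely when `contact_hdr` is NULL. The `ast_log(LOG_WARNING, ...)` message also names no endpoint or subscription, and since it is reached from remote input, adding an identifier would let the warning be traced to a sender.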

--
To view, visit https://gerrit.asterisk.org/7720
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: merged
Gerrit-Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe
Gerrit-Change-Number: 7720
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell@digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com>

